Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

AnyDesk Shares More Information on Recent Hack

AnyDesk has provided more information on the recent hack, including when the attack started and its impact.

AnyDesk hack

AnyDesk has shared more information on the recent hacker attack, including when threat actors first breached its systems and the impact of the incident.

According to the developer of the popular remote access software, the intrusion was discovered in mid-January and a forensic investigation showed that the hackers first breached its systems in late December 2023. 

The investigation revealed that the hackers compromised production systems, but there is no indication that they have obtained customer credentials or that malicious versions of the AnyDesk software have been distributed as a result of this incident.

“We have performed a review of our code and see no malicious modifications. We also have no evidence of malicious code being distributed to customers through any AnyDesk systems,” the company stated.

Nevertheless, code-signing certificates and security-related certificates are being revoked and AnyDesk is pushing out software updates with the new certificates. 

It’s unlikely that the attackers obtained user credentials, but there is a theoretical possibility that they did and AnyDesk has decided to force a password reset for all customers.

The firm has admitted that two relay servers located in Europe, which transmit credentials entered into the AnyDesk client, have been compromised. While it’s unlikely, the attackers could have theoretically rewritten AnyDesk code, trick customers into using the malicious software, and get them to provide their password. 

On the other hand, the company said it can confidently rule out the possibility of user session hijacking as a result of the security breach.

Advertisement. Scroll to continue reading.

AnyDesk clarified that it was not a ransomware attack and there was no extortion attempt. 

It also highlighted that recent reports of user credentials being sold on the dark web are not related to the incident as the credentials were stolen directly from customer systems by information-stealing malware. The forced password reset procedure initiated now should also address the risk for customers whose systems were infected with infostealers. 

Related: Russian Cyberspies Exploiting TeamCity Vulnerability at Scale: Government Agencies

Related: North Korean Software Supply Chain Attack Hits North America, Asia 

Related: New ‘Carderbee’ APT Targeted Chinese Security Software in Supply Chain Attack

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Data Breaches

Sony shares information on the impact of two recent unrelated hacker attacks carried out by known ransomware groups. 

Data Breaches

A group of hackers has leaked Atlassian employee records and floorplans, information that was obtained from third-party workplace platform Envoy.

Data Breaches

Delta Dental of California says over 6.9 million individuals were impacted by a data breach caused by the MOVEit hack.

Data Breaches

KFC and Taco Bell parent company Yum Brands says personal information was compromised in a January 2023 ransomware attack.